"oc new-app"不会通过输入图像完全暴露端口 [英] "oc new-app" does not expose port altough the input image does
问题描述
我正在研究OpenShift 3.9,并设法使用oc new-app
和Docker构建策略构建并运行了第一个容器.我的Dockerfile包含命令EXPOSE 5432
.
I'm exploring OpenShift 3.9 and have managed to get a first container built and running with oc new-app
and the Docker build strategy. My Dockerfile includes the command EXPOSE 5432
.
首次发布oc describe istag/my_app:latest | grep ^Exposes
报告Exposes Ports: 5432/tcp
后,看起来不错:该图像公开了端口5432.但是oc describe po/my_app-1-some_id | grep "^\s*Port"
报告了Port: <none>
,因此总体而言,该端口似乎在Docker级别公开,但还不是Kubernetes/OpenShift的级别.
After the rollout oc describe istag/my_app:latest | grep ^Exposes
reports Exposes Ports: 5432/tcp
, so that looks good: the image exposes port 5432. But oc describe po/my_app-1-some_id | grep "^\s*Port"
reports Port: <none>
, so overall it seems as if the port is exposed at the level of Docker, but not yet the level of Kubernetes/OpenShift.
OpenShift文档表示以下内容:
new-app命令尝试检测输入图像中的裸露端口. 它使用最低的数字暴露端口来生成服务, 暴露该端口.为了公开另一个端口,在new-app之后 已经完成,只需使用oc暴露命令生成额外的 服务.
The new-app command attempts to detect exposed ports in input images. It uses the lowest numeric exposed port to generate a service that exposes that port. In order to expose a different port, after new-app has completed, simply use the oc expose command to generate additional services.
为什么oc new-app
在这种情况下不公开端口5432(实际上,它也不会创建任何service
资源),我如何使其自动完成,因为输入图像已经存在并且似乎可以判断从文档中获取?
Why does oc new-app
not expose port 5432 in this situation (in fact it does not create any service
resource either) and how can I make it do so automatically, as the input image already does and as seems possible judging from the documentation?
更新,以下是有关如何创建新应用程序的更多详细信息:
UPDATE Here is more detail on how the new application was created:
oc new-app ssh://my_account@my_git_server/my_path/my_repo.git
--context-dir=my_dir --strategy=docker --name my_app
到目前为止,Git存储库包含一个普通的my_dir/Dockerfile
,而该存储库又包含命令EXPOSE 5432
.
The Git repository contains a so far trivial my_dir/Dockerfile
, and it in turn contains the command EXPOSE 5432
.
推荐答案
最后,问题突然"消失了,oc new-app
现在确实暴露了端口(如文档所述).到目前为止,我正在使用这样的普通Dockerfile
In the end, the problem "suddenly" went away and oc new-app
now indeed exposes the port (as the documentation says). I am so far using a trivial Dockerfile
such as this
FROM debian:stretch
EXPOSE 5432
COPY start.sh /usr/local/bin/start.sh
CMD ["start.sh"]
其中startup.sh
调用sleep infinity
.在解释方面,我只能猜测我犯了一些导致干扰的次要和暂时性错误.
where startup.sh
calls sleep infinity
. In terms of explanation, I can only guess that I had made some secondary and transient error that caused an interference.
以下是尝试诊断和解决问题时的经验教训(非常感谢@GrahamDumpleton):
Here are lessons learned while attempting to diagnose and solve the issue (big thanks to @GrahamDumpleton):
- 如果
oc new-app
一切正常,则oc get all
应该为资源svc/my_app
指示端口5432/TCP
,并且还应该列出类型为deploymentconfigs
,buildconfigs
,builds
的新OpenShift(和Kubernetes)资源. ,imagestreams
,po
和rc
. - 此自动机制仅在端口内部公开端口
群集,即
svc/my_app
具有(并监听)群集IP(而非外部IP). - 其他参数
--dry-run -output json
使oc new-app
进行试运行并打印通常会创建哪些资源的精确描述(以JSON格式).
- If all goes well with
oc new-app
,oc get all
should indicate port5432/TCP
for resourcesvc/my_app
and should also list new OpenShift (and Kubernetes) resources of typesdeploymentconfigs
,buildconfigs
,builds
,imagestreams
,po
, andrc
. - This automatic mechanism exposes the port only inside the
cluster, i.e.
svc/my_app
has (and listens on) a cluster-IP (not: external-IP). - Additional arguments
--dry-run -output json
causeoc new-app
to conduct a dry-run and print an exact description (in JSON format) of what resources it would normally create.
这篇关于"oc new-app"不会通过输入图像完全暴露端口的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!